Re: Column-Level Privileges

From: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
To: sfrost(at)snowman(dot)net
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org, Markus Wanner <markus(at)bluegap(dot)ch>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>
Subject: Re: Column-Level Privileges
Date: 2009-01-21 03:02:58
Message-ID: 49769062.8090504@ak.jp.nec.com
Lists: pgsql-hackers

Stephen Frost wrote:
> * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
>> On the whole I think we have to go back to the original plan of
>> recursively searching the query's expressions after we've finished all
>> the transformations (and have a completed jointree to refer to). This
>> is slightly annoying on the grounds of adding parsing overhead that's
>> completely useless unless per-column privileges are in use. On the
>> other hand, none of the workable alternatives are exactly overhead-free
>> either.
>>
>> Comments?
>
> Honestly, I like this approach. There is some additional overhead
> during parsing, but it seems cleaner and more robust. Also, hopefully
> in most cases where people are concerned about parse time they're
> preparing their queries. If it's warranted, we could try doing
> benchmarks to see how bad the impact is and if we need to do something
> different. It doesn't strike me as likely to be a significant amount of
> overhead though.

I agree with Stephen's opinion.
Indeed, the walker approach requires additional steps during query
parsing, but the code obviousness is a significant factor from the
point of view of security.

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
